// Copyright 2025 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// Code generated by sidekick. DO NOT EDIT.
#![allow(rustdoc::redundant_explicit_links)]
#![allow(rustdoc::broken_intra_doc_links)]

/// Implements a client for the Cloud Identity-Aware Proxy API.
///
/// # Example
/// ```
/// # tokio_test::block_on(async {
/// # use google_cloud_iap_v1::client::IdentityAwareProxyAdminService;
/// let client = IdentityAwareProxyAdminService::builder().build().await?;
/// // use `client` to make requests to the Cloud Identity-Aware Proxy API.
/// # gax::client_builder::Result::<()>::Ok(()) });
/// ```
///
/// # Service Description
///
/// APIs for Identity-Aware Proxy Admin configurations.
///
/// # Configuration
///
/// To configure `IdentityAwareProxyAdminService` use the `with_*` methods in the type returned
/// by [builder()][IdentityAwareProxyAdminService::builder]. The default configuration should
/// work for most applications. Common configuration changes include
///
/// * [with_endpoint()]: by default this client uses the global default endpoint
///   (`https://iap.googleapis.com`). Applications using regional
///   endpoints or running in restricted networks (e.g. a network configured
//    with [Private Google Access with VPC Service Controls]) may want to
///   override this default.
/// * [with_credentials()]: by default this client uses
///   [Application Default Credentials]. Applications using custom
///   authentication may need to override this default.
///
/// [with_endpoint()]: super::builder::identity_aware_proxy_admin_service::ClientBuilder::with_endpoint
/// [with_credentials()]: super::builder::identity_aware_proxy_admin_service::ClientBuilder::credentials
/// [Private Google Access with VPC Service Controls]: https://cloud.google.com/vpc-service-controls/docs/private-connectivity
/// [Application Default Credentials]: https://cloud.google.com/docs/authentication#adc
///
/// # Pooling and Cloning
///
/// `IdentityAwareProxyAdminService` holds a connection pool internally, it is advised to
/// create one and the reuse it.  You do not need to wrap `IdentityAwareProxyAdminService` in
/// an [Rc](std::rc::Rc) or [Arc](std::sync::Arc) to reuse it, because it
/// already uses an `Arc` internally.
#[derive(Clone, Debug)]
pub struct IdentityAwareProxyAdminService {
    inner: std::sync::Arc<dyn super::stub::dynamic::IdentityAwareProxyAdminService>,
}

impl IdentityAwareProxyAdminService {
    /// Returns a builder for [IdentityAwareProxyAdminService].
    ///
    /// ```
    /// # tokio_test::block_on(async {
    /// # use google_cloud_iap_v1::client::IdentityAwareProxyAdminService;
    /// let client = IdentityAwareProxyAdminService::builder().build().await?;
    /// # gax::client_builder::Result::<()>::Ok(()) });
    /// ```
    pub fn builder() -> super::builder::identity_aware_proxy_admin_service::ClientBuilder {
        gax::client_builder::internal::new_builder(
            super::builder::identity_aware_proxy_admin_service::client::Factory,
        )
    }

    /// Creates a new client from the provided stub.
    ///
    /// The most common case for calling this function is in tests mocking the
    /// client's behavior.
    pub fn from_stub<T>(stub: T) -> Self
    where
        T: super::stub::IdentityAwareProxyAdminService + 'static,
    {
        Self {
            inner: std::sync::Arc::new(stub),
        }
    }

    pub(crate) async fn new(
        config: gaxi::options::ClientConfig,
    ) -> gax::client_builder::Result<Self> {
        let inner = Self::build_inner(config).await?;
        Ok(Self { inner })
    }

    async fn build_inner(
        conf: gaxi::options::ClientConfig,
    ) -> gax::client_builder::Result<
        std::sync::Arc<dyn super::stub::dynamic::IdentityAwareProxyAdminService>,
    > {
        if gaxi::options::tracing_enabled(&conf) {
            return Ok(std::sync::Arc::new(Self::build_with_tracing(conf).await?));
        }
        Ok(std::sync::Arc::new(Self::build_transport(conf).await?))
    }

    async fn build_transport(
        conf: gaxi::options::ClientConfig,
    ) -> gax::client_builder::Result<impl super::stub::IdentityAwareProxyAdminService> {
        super::transport::IdentityAwareProxyAdminService::new(conf).await
    }

    async fn build_with_tracing(
        conf: gaxi::options::ClientConfig,
    ) -> gax::client_builder::Result<impl super::stub::IdentityAwareProxyAdminService> {
        Self::build_transport(conf)
            .await
            .map(super::tracing::IdentityAwareProxyAdminService::new)
    }

    /// Sets the access control policy for an Identity-Aware Proxy protected
    /// resource. Replaces any existing policy.
    /// More information about managing access via IAP can be found at:
    /// <https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api>
    pub fn set_iam_policy(
        &self,
    ) -> super::builder::identity_aware_proxy_admin_service::SetIamPolicy {
        super::builder::identity_aware_proxy_admin_service::SetIamPolicy::new(self.inner.clone())
    }

    /// Gets the access control policy for an Identity-Aware Proxy protected
    /// resource.
    /// More information about managing access via IAP can be found at:
    /// <https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api>
    pub fn get_iam_policy(
        &self,
    ) -> super::builder::identity_aware_proxy_admin_service::GetIamPolicy {
        super::builder::identity_aware_proxy_admin_service::GetIamPolicy::new(self.inner.clone())
    }

    /// Returns permissions that a caller has on the Identity-Aware Proxy protected
    /// resource.
    /// More information about managing access via IAP can be found at:
    /// <https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api>
    pub fn test_iam_permissions(
        &self,
    ) -> super::builder::identity_aware_proxy_admin_service::TestIamPermissions {
        super::builder::identity_aware_proxy_admin_service::TestIamPermissions::new(
            self.inner.clone(),
        )
    }

    /// Gets the IAP settings on a particular IAP protected resource.
    pub fn get_iap_settings(
        &self,
    ) -> super::builder::identity_aware_proxy_admin_service::GetIapSettings {
        super::builder::identity_aware_proxy_admin_service::GetIapSettings::new(self.inner.clone())
    }

    /// Updates the IAP settings on a particular IAP protected resource. It
    /// replaces all fields unless the `update_mask` is set.
    pub fn update_iap_settings(
        &self,
    ) -> super::builder::identity_aware_proxy_admin_service::UpdateIapSettings {
        super::builder::identity_aware_proxy_admin_service::UpdateIapSettings::new(
            self.inner.clone(),
        )
    }

    /// Validates that a given CEL expression conforms to IAP restrictions.
    pub fn validate_iap_attribute_expression(
        &self,
    ) -> super::builder::identity_aware_proxy_admin_service::ValidateIapAttributeExpression {
        super::builder::identity_aware_proxy_admin_service::ValidateIapAttributeExpression::new(
            self.inner.clone(),
        )
    }

    /// Lists the existing TunnelDestGroups. To group across all locations, use a
    /// `-` as the location ID. For example:
    /// `/v1/projects/123/iap_tunnel/locations/-/destGroups`
    pub fn list_tunnel_dest_groups(
        &self,
    ) -> super::builder::identity_aware_proxy_admin_service::ListTunnelDestGroups {
        super::builder::identity_aware_proxy_admin_service::ListTunnelDestGroups::new(
            self.inner.clone(),
        )
    }

    /// Creates a new TunnelDestGroup.
    pub fn create_tunnel_dest_group(
        &self,
    ) -> super::builder::identity_aware_proxy_admin_service::CreateTunnelDestGroup {
        super::builder::identity_aware_proxy_admin_service::CreateTunnelDestGroup::new(
            self.inner.clone(),
        )
    }

    /// Retrieves an existing TunnelDestGroup.
    pub fn get_tunnel_dest_group(
        &self,
    ) -> super::builder::identity_aware_proxy_admin_service::GetTunnelDestGroup {
        super::builder::identity_aware_proxy_admin_service::GetTunnelDestGroup::new(
            self.inner.clone(),
        )
    }

    /// Deletes a TunnelDestGroup.
    pub fn delete_tunnel_dest_group(
        &self,
    ) -> super::builder::identity_aware_proxy_admin_service::DeleteTunnelDestGroup {
        super::builder::identity_aware_proxy_admin_service::DeleteTunnelDestGroup::new(
            self.inner.clone(),
        )
    }

    /// Updates a TunnelDestGroup.
    pub fn update_tunnel_dest_group(
        &self,
    ) -> super::builder::identity_aware_proxy_admin_service::UpdateTunnelDestGroup {
        super::builder::identity_aware_proxy_admin_service::UpdateTunnelDestGroup::new(
            self.inner.clone(),
        )
    }
}

/// Implements a client for the Cloud Identity-Aware Proxy API.
///
/// # Example
/// ```
/// # tokio_test::block_on(async {
/// # use google_cloud_iap_v1::client::IdentityAwareProxyOAuthService;
/// let client = IdentityAwareProxyOAuthService::builder().build().await?;
/// // use `client` to make requests to the Cloud Identity-Aware Proxy API.
/// # gax::client_builder::Result::<()>::Ok(()) });
/// ```
///
/// # Service Description
///
/// API to programmatically create, list and retrieve Identity Aware Proxy (IAP)
/// OAuth brands; and create, retrieve, delete and reset-secret of IAP OAuth
/// clients.
///
/// # Configuration
///
/// To configure `IdentityAwareProxyOAuthService` use the `with_*` methods in the type returned
/// by [builder()][IdentityAwareProxyOAuthService::builder]. The default configuration should
/// work for most applications. Common configuration changes include
///
/// * [with_endpoint()]: by default this client uses the global default endpoint
///   (`https://iap.googleapis.com`). Applications using regional
///   endpoints or running in restricted networks (e.g. a network configured
//    with [Private Google Access with VPC Service Controls]) may want to
///   override this default.
/// * [with_credentials()]: by default this client uses
///   [Application Default Credentials]. Applications using custom
///   authentication may need to override this default.
///
/// [with_endpoint()]: super::builder::identity_aware_proxy_o_auth_service::ClientBuilder::with_endpoint
/// [with_credentials()]: super::builder::identity_aware_proxy_o_auth_service::ClientBuilder::credentials
/// [Private Google Access with VPC Service Controls]: https://cloud.google.com/vpc-service-controls/docs/private-connectivity
/// [Application Default Credentials]: https://cloud.google.com/docs/authentication#adc
///
/// # Pooling and Cloning
///
/// `IdentityAwareProxyOAuthService` holds a connection pool internally, it is advised to
/// create one and the reuse it.  You do not need to wrap `IdentityAwareProxyOAuthService` in
/// an [Rc](std::rc::Rc) or [Arc](std::sync::Arc) to reuse it, because it
/// already uses an `Arc` internally.
#[derive(Clone, Debug)]
pub struct IdentityAwareProxyOAuthService {
    inner: std::sync::Arc<dyn super::stub::dynamic::IdentityAwareProxyOAuthService>,
}

impl IdentityAwareProxyOAuthService {
    /// Returns a builder for [IdentityAwareProxyOAuthService].
    ///
    /// ```
    /// # tokio_test::block_on(async {
    /// # use google_cloud_iap_v1::client::IdentityAwareProxyOAuthService;
    /// let client = IdentityAwareProxyOAuthService::builder().build().await?;
    /// # gax::client_builder::Result::<()>::Ok(()) });
    /// ```
    pub fn builder() -> super::builder::identity_aware_proxy_o_auth_service::ClientBuilder {
        gax::client_builder::internal::new_builder(
            super::builder::identity_aware_proxy_o_auth_service::client::Factory,
        )
    }

    /// Creates a new client from the provided stub.
    ///
    /// The most common case for calling this function is in tests mocking the
    /// client's behavior.
    pub fn from_stub<T>(stub: T) -> Self
    where
        T: super::stub::IdentityAwareProxyOAuthService + 'static,
    {
        Self {
            inner: std::sync::Arc::new(stub),
        }
    }

    pub(crate) async fn new(
        config: gaxi::options::ClientConfig,
    ) -> gax::client_builder::Result<Self> {
        let inner = Self::build_inner(config).await?;
        Ok(Self { inner })
    }

    async fn build_inner(
        conf: gaxi::options::ClientConfig,
    ) -> gax::client_builder::Result<
        std::sync::Arc<dyn super::stub::dynamic::IdentityAwareProxyOAuthService>,
    > {
        if gaxi::options::tracing_enabled(&conf) {
            return Ok(std::sync::Arc::new(Self::build_with_tracing(conf).await?));
        }
        Ok(std::sync::Arc::new(Self::build_transport(conf).await?))
    }

    async fn build_transport(
        conf: gaxi::options::ClientConfig,
    ) -> gax::client_builder::Result<impl super::stub::IdentityAwareProxyOAuthService> {
        super::transport::IdentityAwareProxyOAuthService::new(conf).await
    }

    async fn build_with_tracing(
        conf: gaxi::options::ClientConfig,
    ) -> gax::client_builder::Result<impl super::stub::IdentityAwareProxyOAuthService> {
        Self::build_transport(conf)
            .await
            .map(super::tracing::IdentityAwareProxyOAuthService::new)
    }

    /// Lists the existing brands for the project.
    pub fn list_brands(&self) -> super::builder::identity_aware_proxy_o_auth_service::ListBrands {
        super::builder::identity_aware_proxy_o_auth_service::ListBrands::new(self.inner.clone())
    }

    /// Constructs a new OAuth brand for the project if one does not exist.
    /// The created brand is "internal only", meaning that OAuth clients created
    /// under it only accept requests from users who belong to the same Google
    /// Workspace organization as the project. The brand is created in an
    /// un-reviewed status. NOTE: The "internal only" status can be manually
    /// changed in the Google Cloud Console. Requires that a brand does not already
    /// exist for the project, and that the specified support email is owned by the
    /// caller.
    pub fn create_brand(&self) -> super::builder::identity_aware_proxy_o_auth_service::CreateBrand {
        super::builder::identity_aware_proxy_o_auth_service::CreateBrand::new(self.inner.clone())
    }

    /// Retrieves the OAuth brand of the project.
    pub fn get_brand(&self) -> super::builder::identity_aware_proxy_o_auth_service::GetBrand {
        super::builder::identity_aware_proxy_o_auth_service::GetBrand::new(self.inner.clone())
    }

    /// Creates an Identity Aware Proxy (IAP) OAuth client. The client is owned
    /// by IAP. Requires that the brand for the project exists and that it is
    /// set for internal-only use.
    pub fn create_identity_aware_proxy_client(
        &self,
    ) -> super::builder::identity_aware_proxy_o_auth_service::CreateIdentityAwareProxyClient {
        super::builder::identity_aware_proxy_o_auth_service::CreateIdentityAwareProxyClient::new(
            self.inner.clone(),
        )
    }

    /// Lists the existing clients for the brand.
    pub fn list_identity_aware_proxy_clients(
        &self,
    ) -> super::builder::identity_aware_proxy_o_auth_service::ListIdentityAwareProxyClients {
        super::builder::identity_aware_proxy_o_auth_service::ListIdentityAwareProxyClients::new(
            self.inner.clone(),
        )
    }

    /// Retrieves an Identity Aware Proxy (IAP) OAuth client.
    /// Requires that the client is owned by IAP.
    pub fn get_identity_aware_proxy_client(
        &self,
    ) -> super::builder::identity_aware_proxy_o_auth_service::GetIdentityAwareProxyClient {
        super::builder::identity_aware_proxy_o_auth_service::GetIdentityAwareProxyClient::new(
            self.inner.clone(),
        )
    }

    /// Resets an Identity Aware Proxy (IAP) OAuth client secret. Useful if the
    /// secret was compromised. Requires that the client is owned by IAP.
    pub fn reset_identity_aware_proxy_client_secret(
        &self,
    ) -> super::builder::identity_aware_proxy_o_auth_service::ResetIdentityAwareProxyClientSecret
    {
        super::builder::identity_aware_proxy_o_auth_service::ResetIdentityAwareProxyClientSecret::new(self.inner.clone())
    }

    /// Deletes an Identity Aware Proxy (IAP) OAuth client. Useful for removing
    /// obsolete clients, managing the number of clients in a given project, and
    /// cleaning up after tests. Requires that the client is owned by IAP.
    pub fn delete_identity_aware_proxy_client(
        &self,
    ) -> super::builder::identity_aware_proxy_o_auth_service::DeleteIdentityAwareProxyClient {
        super::builder::identity_aware_proxy_o_auth_service::DeleteIdentityAwareProxyClient::new(
            self.inner.clone(),
        )
    }
}
